From de238b589b469188af879bac9ea6624732c9d432 Mon Sep 17 00:00:00 2001
From: yerkennz
Date: Thu, 21 May 2026 18:05:26 +0500
Subject: [PATCH 1/7] fix: [CPCAP-9068] remove vulnerable packages
---
services/backup-daemon/Dockerfile | 34 +++++++++++++++++++------------
services/patroni/Dockerfile | 13 ++++++++++--
services/upgrade/Dockerfile | 10 ++++++++-
3 files changed, 41 insertions(+), 16 deletions(-)
diff --git a/services/backup-daemon/Dockerfile b/services/backup-daemon/Dockerfile
index d23c1154..98ad01fc 100644
--- a/services/backup-daemon/Dockerfile
+++ b/services/backup-daemon/Dockerfile
@@ -46,19 +46,27 @@ RUN apt-get --no-install-recommends install -y comerr-dev \ RUN python3 -m pip install -U setuptools==82.0.1 wheel==0.47.0 COPY docker/requirements.txt /root/requirements.txt -RUN python3 -m pip install --no-cache-dir -r /root/requirements.txt \ - && python3 -m pip install --upgrade pip \ - && python3 -m pip install grpcio \ - && python3 -m pip install opentelemetry-distro opentelemetry-exporter-otlp opentelemetry-api opentelemetry-sdk opentelemetry-instrumentation-flask \ - && opentelemetry-bootstrap -a install \ - && python3 -m pip install "setuptools==82.0.1" "wheel==0.47.0" "jaraco.context==6.1.0" \ - && pip3 uninstall -y pip \ - && apt-get remove -y --purge gcc-12 \ - && apt-get remove -y --purge python3-dev \ - && apt-get remove -y --purge libpq-dev \ - && apt-get remove -y --purge cython3 \ - && locale-gen en_US.UTF-8 \ - && apt-get clean +RUN python3 -m pip install -U setuptools==82.0.1 wheel==0.47.0 && \ + python3 -m pip install --no-cache-dir -r /root/requirements.txt && \ + python3 -m pip install --upgrade pip && \ + python3 -m pip install grpcio && \ + python3 -m pip install opentelemetry-distro opentelemetry-exporter-otlp opentelemetry-api opentelemetry-sdk opentelemetry-instrumentation-flask && \ + opentelemetry-bootstrap -a install && \ + python3 -m pip uninstall -y jaraco.context setuptools wheel && \ + apt-get purge -y python3-setuptools python3-wheel || true && \ + rm -rf /usr/local/lib/python3.*/dist-packages/setuptools* \ + /usr/local/lib/python3.*/dist-packages/wheel* \ + /usr/local/lib/python3.*/dist-packages/jaraco* \ + /usr/lib/python3.*/dist-packages/setuptools* \ + /usr/lib/python3.*/dist-packages/wheel* && \ + pip3 uninstall -y pip && \ + apt-get remove -y --purge gcc-12 && \ + apt-get remove -y --purge python3-dev && \ + apt-get remove -y --purge libpq-dev && \ + apt-get remove -y --purge cython3 && \ + apt-get autoremove -y && \ + locale-gen en_US.UTF-8 \ + && apt-get clean RUN ln -s /usr/bin/python3 /usr/bin/python 
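Review bot: The `|| true` after `apt-get purge -y python3-setuptools python3-wheel` covers the whole chain before it, not just the purge: in sh, `&&` and `||` have equal precedence and associate left, so a failed `pip install -r /root/requirements.txt` or `opentelemetry-bootstrap -a install` is also turned into success and the image builds without its dependencies. Scope the fallback to the one command, `{ apt-get purge -y python3-setuptools python3-wheel || true; } && \`. The same pattern is in the services/upgrade/Dockerfile hunk of this patch. Separately, `grpcio`, the `opentelemetry-*` packages and `pip` itself are installed without version pins in this RUN, unlike `setuptools==82.0.1 wheel==0.47.0`, so a rebuild can pull different code than the one that was scanned.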
diff --git a/services/patroni/Dockerfile b/services/patroni/Dockerfile index 12015e9e..1f5e9a0a 100644 --- a/services/patroni/Dockerfile +++ b/services/patroni/Dockerfile @@ -132,8 +132,17 @@ RUN apt-get update && apt-get install -y postgresql-$PG_VERSION-credcheck RUN apt-get install -y alien vmtouch openssh-server RUN cat /root/.pip/pip.conf -RUN python3 -m pip install -U setuptools==82.0.1 wheel==0.47.0 -RUN python3 -m pip install psutil patroni[kubernetes,etcd]==3.3.5 psycopg2==2.9.5 requests python-dateutil urllib3 six prettytable --no-cache +RUN python3 -m pip install -U setuptools==82.0.1 wheel==0.47.0 && \ + python3 -m pip install psutil patroni[kubernetes,etcd]==3.3.5 psycopg2==2.9.5 requests python-dateutil urllib3 six prettytable --no-cache && \ + python3 -m pip uninstall -y jaraco.context setuptools wheel && \ + apt-get purge -y python3-setuptools python3-wheel && \ + apt-get autoremove -y && \ + rm -rf /usr/local/lib/python3.10/dist-packages/setuptools* \ + /usr/local/lib/python3.10/dist-packages/wheel* \ + /usr/local/lib/python3.10/dist-packages/jaraco* \ + /usr/lib/python3/dist-packages/setuptools* \ + /usr/lib/python3/dist-packages/wheel* + # Explicitly install patched libaom3 version RUN apt-get --no-install-recommends install -y libaom3=3.3.0-1ubuntu0.1 || apt-get --no-install-recommends install -y libaom3 RUN mv /var/lib/postgresql /var/lib/pgsql diff --git a/services/upgrade/Dockerfile b/services/upgrade/Dockerfile index 8e4f029d..79b3e99f 100644 --- a/services/upgrade/Dockerfile +++ b/services/upgrade/Dockerfile 
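Review bot: The `rm -rf` list hard-codes `/usr/local/lib/python3.10/dist-packages`, while the other two Dockerfiles in this patch use `python3.*`, and `rm -rf` exits 0 when a path does not exist, so a change of Python version in the base image would leave setuptools and wheel in place with a green build. Nothing in the RUN checks that the removal took effect; ending the chain with `&& ! python3 -c "import setuptools"` (and the same for `wheel`) would fail the build if either module is still importable. It is also worth confirming that nothing installed by the `patroni[kubernetes,etcd]==3.3.5` line imports setuptools at runtime, which cannot be determined from this hunk.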
@@ -23,7 +23,15 @@ RUN adduser -uid 26 -gid 26 postgres # Install like base image RUN apt-get --no-install-recommends install -y gcc-12 python3.11 python3-pip python3-dev wget -RUN python3 -m pip install --no-cache-dir --upgrade wheel==0.47.0 setuptools==82.0.1 +RUN python3 -m pip install --no-cache-dir --upgrade wheel==0.47.0 setuptools==82.0.1 && \ + python3 -m pip uninstall -y jaraco.context setuptools wheel && \ + apt-get purge -y python3-setuptools python3-wheel || true && \ + apt-get autoremove -y && \ + rm -rf /usr/local/lib/python3.*/dist-packages/setuptools* \ + /usr/local/lib/python3.*/dist-packages/wheel* \ + /usr/local/lib/python3.*/dist-packages/jaraco* \ + /usr/lib/python3.*/dist-packages/setuptools* \ + /usr/lib/python3.*/dist-packages/wheel* # Explicitly install patched libaom3 version RUN apt-get --no-install-recommends install -y libaom3=3.3.0-1ubuntu0.1 || apt-get --no-install-recommends install -y libaom3 From b47a192e5dee1fab61f7a33d851fcd9950108ce8 Mon Sep 17 00:00:00 2001 From: yerkennz Date: Fri, 22 May 2026 11:55:02 +0500 Subject: [PATCH 2/7] fix: revert pip for integration testing --- services/backup-daemon/Dockerfile | 11 +++-------- services/patroni/Dockerfile | 5 +++-- services/upgrade/Dockerfile | 2 -- 3 files changed, 6 insertions(+), 12 deletions(-) diff --git a/services/backup-daemon/Dockerfile b/services/backup-daemon/Dockerfile index 98ad01fc..9bd0169e 100644 --- a/services/backup-daemon/Dockerfile +++ b/services/backup-daemon/Dockerfile 
@@ -53,20 +53,15 @@ RUN python3 -m pip install -U setuptools==82.0.1 wheel==0.47.0 && \ python3 -m pip install opentelemetry-distro opentelemetry-exporter-otlp opentelemetry-api opentelemetry-sdk opentelemetry-instrumentation-flask && \ opentelemetry-bootstrap -a install && \ python3 -m pip uninstall -y jaraco.context setuptools wheel && \ - apt-get purge -y python3-setuptools python3-wheel || true && \ rm -rf /usr/local/lib/python3.*/dist-packages/setuptools* \ /usr/local/lib/python3.*/dist-packages/wheel* \ /usr/local/lib/python3.*/dist-packages/jaraco* \ /usr/lib/python3.*/dist-packages/setuptools* \ /usr/lib/python3.*/dist-packages/wheel* && \ - pip3 uninstall -y pip && \ - apt-get remove -y --purge gcc-12 && \ - apt-get remove -y --purge python3-dev && \ - apt-get remove -y --purge libpq-dev && \ - apt-get remove -y --purge cython3 && \ + apt-get remove -y --purge gcc-12 python3-dev libpq-dev cython3 && \ apt-get autoremove -y && \ - locale-gen en_US.UTF-8 \ - && apt-get clean + locale-gen en_US.UTF-8 && \ + apt-get clean RUN ln -s /usr/bin/python3 /usr/bin/python diff --git a/services/patroni/Dockerfile b/services/patroni/Dockerfile index 1f5e9a0a..85e56792 100644 --- a/services/patroni/Dockerfile +++ b/services/patroni/Dockerfile 
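Review bot: With the `apt-get purge` line removed, the `rm -rf` list is the only step that removes the distro copies, and `/usr/lib/python3.*/dist-packages/setuptools*` probably does not match where apt puts them: on Debian/Ubuntu images apt-installed Python modules normally live in `/usr/lib/python3/dist-packages` (no minor version), which is the form the patroni Dockerfile uses. An unmatched glob is passed to `rm -rf` literally and it still exits 0, so the build cannot notice that nothing was deleted. Consider `/usr/lib/python3/dist-packages/setuptools*` and `/usr/lib/python3/dist-packages/wheel*` here and in services/upgrade/Dockerfile, after checking the path in the base image. This hunk also drops `pip3 uninstall -y pip`, so pip stays in the runtime image; the subject says this is for integration testing, and a comment such as `# TODO: restore "pip3 uninstall -y pip" once integration tests no longer need pip` would keep it from becoming permanent by accident.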
@@ -132,11 +132,12 @@ RUN apt-get update && apt-get install -y postgresql-$PG_VERSION-credcheck RUN apt-get install -y alien vmtouch openssh-server RUN cat /root/.pip/pip.conf +# 1. Install pip dependencies +# 2. Uninstall pip-managed setuptools, wheel, and jaraco +# 3. Surgically delete system-managed setuptools and wheel folders (leaves pip intact) RUN python3 -m pip install -U setuptools==82.0.1 wheel==0.47.0 && \ python3 -m pip install psutil patroni[kubernetes,etcd]==3.3.5 psycopg2==2.9.5 requests python-dateutil urllib3 six prettytable --no-cache && \ python3 -m pip uninstall -y jaraco.context setuptools wheel && \ - apt-get purge -y python3-setuptools python3-wheel && \ - apt-get autoremove -y && \ rm -rf /usr/local/lib/python3.10/dist-packages/setuptools* \ /usr/local/lib/python3.10/dist-packages/wheel* \ /usr/local/lib/python3.10/dist-packages/jaraco* \ diff --git a/services/upgrade/Dockerfile b/services/upgrade/Dockerfile index 79b3e99f..250c099c 100644 --- a/services/upgrade/Dockerfile +++ b/services/upgrade/Dockerfile @@ -25,8 +25,6 @@ RUN apt-get --no-install-recommends install -y gcc-12 python3.11 python3-pip pyt RUN python3 -m pip install --no-cache-dir --upgrade wheel==0.47.0 setuptools==82.0.1 && \ python3 -m pip uninstall -y jaraco.context setuptools wheel && \ - apt-get purge -y python3-setuptools python3-wheel || true && \ - apt-get autoremove -y && \ rm -rf /usr/local/lib/python3.*/dist-packages/setuptools* \ /usr/local/lib/python3.*/dist-packages/wheel* \ /usr/local/lib/python3.*/dist-packages/jaraco* \ From af1c378cf2f73dbfd7adf0b84ddb52d1a4756585 Mon Sep 17 00:00:00 2001 From: yerkennz Date: Fri, 22 May 2026 13:01:24 +0500 Subject: [PATCH 3/7] fix: change logic master deletion check --- .../check_delete_master.robot | 66 ++++++++++++++----- 1 file changed, 49 insertions(+), 17 deletions(-) 
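Review bot: Deleting the `/usr/lib/python3/dist-packages/setuptools*` and `wheel*` directories by hand, as step 3 of the new comment describes, leaves `python3-setuptools` and `python3-wheel` recorded as installed in the dpkg database, assuming they come from apt as the purge removed by this hunk suggests. Scanners that read package metadata will likely keep reporting them while file-based checks see them gone, so the image's package inventory no longer matches its contents. The comment should state that trade-off, for example `# NOTE: dpkg still lists python3-setuptools/python3-wheel; only their files are removed so that pip stays installed`. The services/upgrade/Dockerfile hunk that follows removes the same purge step and has the same effect.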
diff --git a/tests/robot/check_delete_master/check_delete_master.robot b/tests/robot/check_delete_master/check_delete_master.robot index b1b1d8f9..97c45aa9 100644 --- a/tests/robot/check_delete_master/check_delete_master.robot +++ b/tests/robot/check_delete_master/check_delete_master.robot @@ -1,8 +1,9 @@ *** Settings *** -Documentation Check scaledown replica +Documentation Check delete master Library Collections Library OperatingSystem Library String +Library Process Resource ../Lib/lib.robot 
@@ -10,25 +11,56 @@ Resource ../Lib/lib.robot Check Delete Master [Tags] patroni full check_delete_master Run Keyword Checks Before Tests + ${MASTER}= Get Master Pod - # insert test records + ${OLD_MASTER_NAME}= Set Variable ${MASTER.metadata.name} + ${OLD_MASTER_STS}= Get Statefulset Name From Pod Name ${OLD_MASTER_NAME} + + # insert test records before failover ${RID} ${EXPECTED}= Insert Test Record ${MASTER.status.pod_ip} - # delete mater pod - Log To Console Deleting Master Pod "${MASTER.metadata.name}" - Run Keyword Delete Pod ${MASTER.metadata.name} 30 - # wait new master - Log To Console Wait new master election keyword - Wait Until Keyword Succeeds 120 sec 1 sec Check If New Master Elected ${MASTER.metadata.name} - # wait while all replicas back - Wait Until Keyword Succeeds 120 sec 1 sec Check Replica Count + + Log To Console Scaling down old master StatefulSet "${OLD_MASTER_STS}" + Scale Statefulset ${OLD_MASTER_STS} 0 + + Log To Console Deleting Master Pod "${OLD_MASTER_NAME}" + Delete Pod ${OLD_MASTER_NAME} 30 + + Log To Console Wait old master pod deletion + Wait Until Keyword Succeeds 120 sec 2 sec Pod Should Not Exist ${OLD_MASTER_NAME} + + Log To Console Wait new master election + Wait Until Keyword Succeeds 180 sec 2 sec Check If New Master Elected ${OLD_MASTER_NAME} + ${NEW_MASTER}= Get Master Pod Log To Console New Master ${NEW_MASTER.metadata.name} - # wait new replica pod is up - Wait Until Keyword Succeeds 120 sec 2 sec Wait Replica Pods In Up State - # check master not read-only + + Log To Console Scaling old master StatefulSet "${OLD_MASTER_STS}" back to 1 + Scale Statefulset ${OLD_MASTER_STS} 1 + + # wait while all replicas are back + Wait Until Keyword Succeeds 180 sec 2 sec Check Replica Count + Wait Until Keyword Succeeds 180 sec 2 sec Wait Replica Pods In Up State + + # check new master is writable Log To Console Test New Master Works - Wait Until Keyword Succeeds ${120} 1 sec Insert Test Record ${NEW_MASTER.status.pod_ip} - # check 
existance unavaliabled replicas + Wait Until Keyword Succeeds 120 sec 1 sec Insert Test Record ${NEW_MASTER.status.pod_ip} + Run Keyword Check Replica Count - # check replication again, becouse it is simple! :) - Run Keyword Replication Works + Run Keyword Replication Works + + +*** Keywords *** +Get Statefulset Name From Pod Name + [Arguments] ${pod_name} + ${sts_name}= Evaluate "${pod_name}".rsplit("-", 1)[0] + RETURN ${sts_name} + +Scale Statefulset + [Arguments] ${sts_name} ${replicas} + ${result}= Run Process kubectl -n %{POD_NAMESPACE} scale statefulset ${sts_name} --replicas=${replicas} + Should Be Equal As Integers ${result.rc} 0 + +Pod Should Not Exist + [Arguments] ${pod_name} + ${result}= Run Process kubectl -n %{POD_NAMESPACE} get pod ${pod_name} + Should Not Be Equal As Integers ${result.rc} 0 \ No newline at end of file From f9f87fd7c1cacb90b1578bfda71585c7c7bbd47a Mon Sep 17 00:00:00 2001 From: yerkennz Date: Mon, 25 May 2026 15:50:29 +0500 Subject: [PATCH 4/7] fix: revert check delete tests --- .../check_delete_master.robot | 52 ++++--------------- 1 file changed, 10 insertions(+), 42 deletions(-) diff --git a/tests/robot/check_delete_master/check_delete_master.robot b/tests/robot/check_delete_master/check_delete_master.robot index 97c45aa9..543133ad 100644 --- a/tests/robot/check_delete_master/check_delete_master.robot +++ b/tests/robot/check_delete_master/check_delete_master.robot @@ -3,7 +3,6 @@ Documentation Check delete master Library Collections Library OperatingSystem Library String -Library Process Resource ../Lib/lib.robot 
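Review bot: `Pod Should Not Exist` passes on any non-zero exit code from `kubectl get pod`, so a missing binary, an expired token or an RBAC denial is read as "pod deleted" and the wait succeeds on the first try. Assert the reason as well by adding `Should Contain    ${result.stderr}    NotFound` after the rc check. In `Get Statefulset Name From Pod Name`, `Evaluate    "${pod_name}".rsplit("-", 1)[0]` pastes the value into Python source before it is evaluated; `Evaluate    $pod_name.rsplit("-", 1)[0]` passes it as a variable instead. The test case also has no `[Teardown]`, so a failure between the two `Scale Statefulset` calls leaves the StatefulSet at 0 replicas for whatever runs next.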
@@ -14,53 +13,22 @@ Check Delete Master ${MASTER}= Get Master Pod ${OLD_MASTER_NAME}= Set Variable ${MASTER.metadata.name} - ${OLD_MASTER_STS}= Get Statefulset Name From Pod Name ${OLD_MASTER_NAME} - # insert test records before failover + # insert test records before deleting master ${RID} ${EXPECTED}= Insert Test Record ${MASTER.status.pod_ip} - Log To Console Scaling down old master StatefulSet "${OLD_MASTER_STS}" - Scale Statefulset ${OLD_MASTER_STS} 0 - Log To Console Deleting Master Pod "${OLD_MASTER_NAME}" - Delete Pod ${OLD_MASTER_NAME} 30 - - Log To Console Wait old master pod deletion - Wait Until Keyword Succeeds 120 sec 2 sec Pod Should Not Exist ${OLD_MASTER_NAME} + Run Keyword Delete Pod ${OLD_MASTER_NAME} 30 - Log To Console Wait new master election - Wait Until Keyword Succeeds 180 sec 2 sec Check If New Master Elected ${OLD_MASTER_NAME} + Log To Console Wait until cluster recovers after master deletion + Wait Until Keyword Succeeds 300 sec 5 sec Wait Replica Pods In Up State + Wait Until Keyword Succeeds 300 sec 5 sec Check Replica Count ${NEW_MASTER}= Get Master Pod - Log To Console New Master ${NEW_MASTER.metadata.name} - - Log To Console Scaling old master StatefulSet "${OLD_MASTER_STS}" back to 1 - Scale Statefulset ${OLD_MASTER_STS} 1 - - # wait while all replicas are back - Wait Until Keyword Succeeds 180 sec 2 sec Check Replica Count - Wait Until Keyword Succeeds 180 sec 2 sec Wait Replica Pods In Up State - - # check new master is writable - Log To Console Test New Master Works - Wait Until Keyword Succeeds 120 sec 1 sec Insert Test Record ${NEW_MASTER.status.pod_ip} - - Run Keyword Check Replica Count - Run Keyword Replication Works - - -*** Keywords *** -Get Statefulset Name From Pod Name - [Arguments] ${pod_name} - ${sts_name}= Evaluate "${pod_name}".rsplit("-", 1)[0] - RETURN ${sts_name} + Log To Console Current Master ${NEW_MASTER.metadata.name} -Scale Statefulset - [Arguments] ${sts_name} ${replicas} - ${result}= Run Process kubectl 
-n %{POD_NAMESPACE} scale statefulset ${sts_name} --replicas=${replicas} - Should Be Equal As Integers ${result.rc} 0 + Log To Console Test Current Master Works + Wait Until Keyword Succeeds 300 sec 5 sec Insert Test Record ${NEW_MASTER.status.pod_ip} -Pod Should Not Exist - [Arguments] ${pod_name} - ${result}= Run Process kubectl -n %{POD_NAMESPACE} get pod ${pod_name} - Should Not Be Equal As Integers ${result.rc} 0 \ No newline at end of file + Wait Until Keyword Succeeds 300 sec 5 sec Check Replica Count + Wait Until Keyword Succeeds 300 sec 5 sec Replication Works \ No newline at end of file From db30cc3edfcc6d46ddb7f32d2a87cc6f05abf4ff Mon Sep 17 00:00:00 2001 From: yerkennz Date: Mon, 25 May 2026 15:52:09 +0500 Subject: [PATCH 5/7] fix: revert changes --- .../check_delete_master.robot | 40 +++++++++---------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/tests/robot/check_delete_master/check_delete_master.robot b/tests/robot/check_delete_master/check_delete_master.robot index 543133ad..c871b903 100644 --- a/tests/robot/check_delete_master/check_delete_master.robot +++ b/tests/robot/check_delete_master/check_delete_master.robot @@ -1,5 +1,5 @@ *** Settings *** -Documentation Check delete master +Documentation Check scaledown replica Library Collections Library OperatingSystem Library String 
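Review bot: After this change the test case never asserts that a leader change happened: the `Check If New Master Elected` wait is gone and `${OLD_MASTER_NAME}` is only used to log and delete the pod, so `Get Master Pod` returning a recreated pod with the same name would still pass. If a failover is what the test is meant to prove, add `Should Not Be Equal    ${NEW_MASTER.metadata.name}    ${OLD_MASTER_NAME}` after `Get Master Pod`; if not, rename `${NEW_MASTER}` to match the "Current Master" wording used in the log lines. The six identical `300 sec    5 sec` waits also raise the worst-case runtime of this case to roughly 25 minutes, which is worth a comment explaining why the longer timeout is needed.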
@@ -10,25 +10,25 @@ Resource ../Lib/lib.robot Check Delete Master [Tags] patroni full check_delete_master Run Keyword Checks Before Tests - ${MASTER}= Get Master Pod - ${OLD_MASTER_NAME}= Set Variable ${MASTER.metadata.name} - - # insert test records before deleting master + # insert test records ${RID} ${EXPECTED}= Insert Test Record ${MASTER.status.pod_ip} - - Log To Console Deleting Master Pod "${OLD_MASTER_NAME}" - Run Keyword Delete Pod ${OLD_MASTER_NAME} 30 - - Log To Console Wait until cluster recovers after master deletion - Wait Until Keyword Succeeds 300 sec 5 sec Wait Replica Pods In Up State - Wait Until Keyword Succeeds 300 sec 5 sec Check Replica Count - + # delete mater pod + Log To Console Deleting Master Pod "${MASTER.metadata.name}" + Run Keyword Delete Pod ${MASTER.metadata.name} 30 + # wait new master + Log To Console Wait new master election keyword + Wait Until Keyword Succeeds 120 sec 1 sec Check If New Master Elected ${MASTER.metadata.name} + # wait while all replicas back + Wait Until Keyword Succeeds 120 sec 1 sec Check Replica Count ${NEW_MASTER}= Get Master Pod - Log To Console Current Master ${NEW_MASTER.metadata.name} - - Log To Console Test Current Master Works - Wait Until Keyword Succeeds 300 sec 5 sec Insert Test Record ${NEW_MASTER.status.pod_ip} - - Wait Until Keyword Succeeds 300 sec 5 sec Check Replica Count - Wait Until Keyword Succeeds 300 sec 5 sec Replication Works \ No newline at end of file + Log To Console New Master ${NEW_MASTER.metadata.name} + # wait new replica pod is up + Wait Until Keyword Succeeds 120 sec 2 sec Wait Replica Pods In Up State + # check master not read-only + Log To Console Test New Master Works + Wait Until Keyword Succeeds ${120} 1 sec Insert Test Record ${NEW_MASTER.status.pod_ip} + # check existance unavaliabled replicas + Run Keyword Check Replica Count + # check replication again, becouse it is simple! :) + Run Keyword Replication Works \ No newline at end of file 
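Review bot: `${RID}` and `${EXPECTED}` from the insert made before the master pod is deleted are not read back anywhere in the restored test case, so it does not check that the pre-failover row survived on the new master, unless `Replication Works` does that internally, which is not visible in this hunk. A marker such as `# TODO: verify ${RID}/${EXPECTED} on ${NEW_MASTER} after failover` next to `Get Master Pod` would record the gap until a read-back step exists. Minor style points: `Wait Until Keyword Succeeds    ${120}    1 sec` mixes a bare integer with the `120 sec` form used on the other waits, and the restored comments carry typos (`mater`, `existance`, `becouse`).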
From eee03efd0fa9a1d64737d201c8f9a5aa49ec7203 Mon Sep 17 00:00:00 2001 From: yerkennz Date: Mon, 25 May 2026 15:54:09 +0500 Subject: [PATCH 6/7] fix: fix --- tests/robot/check_delete_master/check_delete_master.robot | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/robot/check_delete_master/check_delete_master.robot b/tests/robot/check_delete_master/check_delete_master.robot index c871b903..6442c3f4 100644 --- a/tests/robot/check_delete_master/check_delete_master.robot +++ b/tests/robot/check_delete_master/check_delete_master.robot @@ -31,4 +31,5 @@ Check Delete Master # check existance unavaliabled replicas Run Keyword Check Replica Count # check replication again, becouse it is simple! :) - Run Keyword Replication Works \ No newline at end of file + Run Keyword Replication Works + \ No newline at end of file From f64889dce191cc6628c2d5143428c72289337757 Mon Sep 17 00:00:00 2001 From: yerkennz Date: Mon, 25 May 2026 15:54:56 +0500 Subject: [PATCH 7/7] fix: fix --- tests/robot/check_delete_master/check_delete_master.robot | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/robot/check_delete_master/check_delete_master.robot b/tests/robot/check_delete_master/check_delete_master.robot index 6442c3f4..c871b903 100644 --- a/tests/robot/check_delete_master/check_delete_master.robot +++ b/tests/robot/check_delete_master/check_delete_master.robot @@ -31,5 +31,4 @@ Check Delete Master # check existance unavaliabled replicas Run Keyword Check Replica Count # check replication again, becouse it is simple! :) - Run Keyword Replication Works - \ No newline at end of file + Run Keyword Replication Works \ No newline at end of file